[Pkg-php-commits] [php/debian-sid] Cherry pick fix for integer overflow in SdnToJulian
Ondřej Surý
ondrej at sury.org
Wed Jan 5 10:06:14 UTC 2011
---
.../fix-integer-overflow-in-SdnToJulian.patch | 90 ++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 91 insertions(+), 0 deletions(-)
create mode 100644 debian/patches/fix-integer-overflow-in-SdnToJulian.patch
diff --git a/debian/patches/fix-integer-overflow-in-SdnToJulian.patch b/debian/patches/fix-integer-overflow-in-SdnToJulian.patch
new file mode 100644
index 0000000..6f1510a
--- /dev/null
+++ b/debian/patches/fix-integer-overflow-in-SdnToJulian.patch
@@ -0,0 +1,90 @@
+--- /dev/null
++++ b/ext/calendar/tests/bug53574.phpt
+@@ -0,0 +1,35 @@
++--TEST--
++Bug #53574 (Integer overflow in SdnToJulian; leads to segfault)
++--SKIPIF--
++<?php include 'skipif.inc'; ?>
++--FILE--
++<?php
++if (PHP_INT_MAX == 0x7FFFFFFF) {
++ $x = 882858043;
++} else {
++ $x = 3315881921229094912;
++}
++
++var_dump(cal_from_jd($x, CAL_JULIAN));
++--EXPECT--
++array(9) {
++ ["date"]=>
++ string(5) "0/0/0"
++ ["month"]=>
++ int(0)
++ ["day"]=>
++ int(0)
++ ["year"]=>
++ int(0)
++ ["dow"]=>
++ int(3)
++ ["abbrevdayname"]=>
++ string(3) "Wed"
++ ["dayname"]=>
++ string(9) "Wednesday"
++ ["abbrevmonth"]=>
++ string(0) ""
++ ["monthname"]=>
++ string(0) ""
++}
++
+--- a/ext/calendar/julian.c
++++ b/ext/calendar/julian.c
+@@ -146,6 +146,7 @@
+ **************************************************************************/
+
+ #include "sdncal.h"
++#include <limits.h>
+
+ #define JULIAN_SDN_OFFSET 32083
+ #define DAYS_PER_5_MONTHS 153
+@@ -164,15 +165,22 @@ void SdnToJulian(
+ int dayOfYear;
+
+ if (sdn <= 0) {
+- *pYear = 0;
+- *pMonth = 0;
+- *pDay = 0;
+- return;
++ goto fail;
+ }
+- temp = (sdn + JULIAN_SDN_OFFSET) * 4 - 1;
++ /* Check for overflow */
++ if (sdn > (LONG_MAX - JULIAN_SDN_OFFSET * 4 + 1) / 4 || sdn < LONG_MIN / 4) {
++ goto fail;
++ }
++ temp = sdn * 4 + (JULIAN_SDN_OFFSET * 4 - 1);
+
+ /* Calculate the year and day of year (1 <= dayOfYear <= 366). */
+- year = temp / DAYS_PER_4_YEARS;
++ {
++ long yearl = temp / DAYS_PER_4_YEARS;
++ if (yearl > INT_MAX || yearl < INT_MIN) {
++ goto fail;
++ }
++ year = (int) yearl;
++ }
+ dayOfYear = (temp % DAYS_PER_4_YEARS) / 4 + 1;
+
+ /* Calculate the month and day of month. */
+@@ -196,6 +204,12 @@ void SdnToJulian(
+ *pYear = year;
+ *pMonth = month;
+ *pDay = day;
++ return;
++
++fail:
++ *pYear = 0;
++ *pMonth = 0;
++ *pDay = 0;
+ }
+
+ long int JulianToSdn(
diff --git a/debian/patches/series b/debian/patches/series
index 3f98b4b..7a9ff72 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -80,3 +80,4 @@ do-not-overwrite-GLOBALS-and-this.patch
fix-crash-if-aa-steps-are-invalid.patch
fix-crash-with-entity-declarations-in-simplexml.patch
fix-for-NULL-deref-in-zend_language_scanner.patch
+fix-integer-overflow-in-SdnToJulian.patch
--
1.7.1
More information about the Pkg-php-commits
mailing list